335 hack event(s)
Description of the event: BNB Chain officially announced that its English X account has been compromised and is currently under emergency recovery. The team warned users not to click on any links.
Amount of loss: - Attack method: Account Compromise
Description of the event: The attackers exploited a misconfigured LayerZero bridge along with a compromised private key for the GAIN BSC contract. By setting a malicious peer contract on Ethereum, they bypassed validation checks and minted 5 billion counterfeit GAIN tokens on BSC. The attackers then sold approximately 150 million of these counterfeit tokens (about 2.8% of the total fake supply) on PancakeSwap, cashing out around USD 3 million.
Amount of loss: $ 3,000,000 Attack method: Private Key Leakage
Description of the event: Meta Alchemist, founder of the Web3 incubator and launchpad platform Seedify, announced on X that one of its SFUND bridges was recently hacked. According to Seedify’s official account, a DPRK-affiliated group known for multiple Web3 exploits gained access to a developer’s private key. Using this access, the attackers were able to mint a large number of SFUND tokens through a bridge contract that had previously passed audit. As a result, the OFT contract was compromised, allowing the attackers to alter its settings and mint unauthorized tokens on Avalanche.
Amount of loss: $ 1,700,000 Attack method: Private Key Leakage
Description of the event: ABCCApp on BSC was reportedly attacked, resulting in a loss of approximately $10.1K. The root cause was that the contract’s addFixedDay() function lacked access control, and fixedDay was used in calculating claimable USDT.
Amount of loss: $ 10,100 Attack method: Contract Vulnerability
Description of the event: D3X AI (@D3X_AI) was attacked on BSC, resulting in a loss of approximately $158.9K. The root cause was that the exchange() function of contract 0xb8ad relied on the spot price of the d3xat token from a UniswapV2 pair, which the attacker exploited through a price manipulation attack.
Amount of loss: $ 158,900 Attack method: Price Manipulation
Description of the event: According to monitoring by SlowMist's MistEye security system, VDS on the BSC appears to have been attacked, with an estimated loss of around $13,000.
Amount of loss: $ 13,000 Attack method: Business Logic Flaw
Description of the event: A suspicious attack involving MEV bot 0xb5cb occurred on BSC, resulting in losses of approximately $2 million.
Amount of loss: $ 2,000,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, the digital asset wealth management platform Nexo suffered a sandwich attack due to a lack of access control in one of its contracts, resulting in a loss of approximately $31,000.
Amount of loss: $ 31,535 Attack method: Contract Vulnerability
Description of the event: Mobius Token on BSC is suspected to have been exploited, with estimated losses of $2.15 million.
Amount of loss: $ 2,150,000 Attack method: Contract Vulnerability
Description of the event: According to the SlowMist MistEye security monitoring system, LIFE Protocol has been attacked, resulting in a loss of over $51,000.
Amount of loss: $ 51,000 Attack method: Price Manipulation
Description of the event: According to the SlowMist MistEye security monitoring system, ACB appears to have been attacked on BSC, resulting in a loss of approximately $22,000.
Amount of loss: $ 22,804 Attack method: Contract Vulnerability
Description of the event: According to monitoring by SlowMist's security team, Min Token (MIN) is suspected to have been attacked on BSC, resulting in a loss of approximately $21,400.
Amount of loss: $ 21,415 Attack method: Price Manipulation
Description of the event: BNB-based memecoin launchpad Four.Meme was attacked. According to the SlowMist security team’s analysis, the attacker purchased a small amount of tokens before launch through the 0x7f79f6df function of Four.Meme, and used this feature to send tokens to a specified PancakeSwap Pair address that had not yet been created. This allowed the attacker to create the Pair and add liquidity without needing to transfer the yet-to-be-launched tokens to the Pair, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that applied before the Four.Meme Token launch. Ultimately, the attacker was able to add liquidity at an unintended price to steal pool liquidity.
Amount of loss: $ 130,000 Attack method: Price Manipulation
Description of the event: The memecoin platform Four.Meme was attacked. According to an analysis by the SlowMist security team, the attacker was able to execute a frontrunning attack by pre-creating a liquidity pool on PancakeSwap v3 with an extremely high token price. When the token was integrated into PancakeSwap v3, liquidity was added based on the unbalanced pool set up by the attacker. Since the project team did not verify the pool's price, the added liquidity followed the maliciously set price. As a result, the attacker was able to exploit this mechanism to drain assets from the pool.
Amount of loss: $ 183,000 Attack method: Business Logic Flaw
Description of the event: According to monitoring by the SlowMist security team, Cashverse appears to have been attacked on BSC.
Amount of loss: $ 107,900 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, BankX appears to have been attacked on BSC, ETH, and Optimism.
Amount of loss: $ 43,000 Attack method: Contract Vulnerability
Description of the event: According to monitoring by the SlowMist security team, AST was allegedly attacked on BSC.
Amount of loss: $ 64,700 Attack method: Contract Vulnerability
Description of the event: Mosca appears to have suffered another attack on BSC, resulting in losses of approximately $37,600.
Amount of loss: $ 37600 Attack method: Contract Vulnerability
Description of the event: BUIDL was suspected to have been attacked on BSC, resulting in an approximate loss of $8K.
Amount of loss: $ 8,000 Attack method: Contract Vulnerability
Description of the event: FortuneWheel was suspected to have been attacked on BSC, resulting in an approximate loss of $21.6K.
Amount of loss: $ 21,600 Attack method: Price Manipulation